Duze spowolnienie komputera

Majkel7 · 16 Luty 2007 14:48

Od jakiegos czasu komputer zaczal mi nieco spowalniac, ale dalo rade wytrzymac. Dzisiaj za to juz jest naprawde slabo :? Wszystko dziala duuuzo wolniej. Musze przyznac, ze sam sie zbyt dobrze nie znam, wiec bylbym bardzo wdzieczny za kazda pomoc

C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\soundman.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\D-Tools\daemon.exe C:\WINDOWS\system32\winlr1.exe C:\WINDOWS\system32\kksvchost.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\iPod\bin\iPodService.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\Michał\Pulpit\Nowy folder (2)\Netsoccer\netsoccer.exe D:\firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Michał\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [soundMan] soundman.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [iTunesHelper] “C:\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [AVPDWIN] “C:\Program Files\Panda Software\Panda Demo\pandasft.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE” /s O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [AltnetDownloadManager] C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.kaliber.com.pl/CFIDE/classes/CFJava.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab O17 - HKLM\System\CCS\Services\Tcpip…{E858A651-8292-48D4-A4D8-792E3A673052}: NameServer = 194.204.152.34 217.98.63.164 O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe

MarioC · 16 Luty 2007 15:05

Podaj pełen log z nagłówkiem i nie ucinaj, daj jeszcze log z SilentRunner

Majkel7 · 16 Luty 2007 15:10

Pelny log Przykro mi, ale nie posiadam SillentRunnera, ba nawet nie wiem co to jest.

Logfile of HijackThis v1.99.1 Scan saved at 23:34:21, on 2007-02-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\soundman.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\D-Tools\daemon.exe C:\WINDOWS\system32\winlr1.exe C:\WINDOWS\system32\kksvchost.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\iPod\bin\iPodService.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\Michał\Pulpit\Nowy folder (2)\Netsoccer\netsoccer.exe D:\firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Michał\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [soundMan] soundman.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [iTunesHelper] “C:\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [AVPDWIN] “C:\Program Files\Panda Software\Panda Demo\pandasft.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE” /s O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [AltnetDownloadManager] C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.kaliber.com.pl/CFIDE/classes/CFJava.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab O17 - HKLM\System\CCS\Services\Tcpip…{E858A651-8292-48D4-A4D8-792E3A673052}: NameServer = 194.204.152.34 217.98.63.164 O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe

adam9870 · 16 Luty 2007 15:18

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Użyj narzędzia SmitFraudFix (wybierz opcję 2). Potem sprawdź co będzie z tego co wskazałem poniżej i usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\WO4 - HKLM…\RunServices: [msvcc25] svcchost.exeeb Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe

Pliki i foldery zaznaczone kasujesz ręcznie z dysku natomiast wpisy w HijackThis.

Przeskanuj http://www.kaspersky.pl/virusscanner.html

Po wykonaniu pokaż nowy log z HijackThis, SilentRunners oraz zawartość pliku c:\rapport.txt

Mam pytanie: do czego w tej chwili jest Ci potrzebny log z silenta? Pytanie retoryczne - nie musisz na nie odpowiadać.

Majkel7 · 17 Luty 2007 12:38

Jak pisalem wyzej, zbyt obeznany na kompach nie jestem wiec mialbym tutaj kilka pytan co do porady adam

“Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw)” - jak wlaczylem to wszystkie znaczki byly na zielono/zolto, lecz wszedzie bylo disabled;) Jak kliknalem na enable, to pozmienialy sie na czerwone. Wiec co w koncu zrobic?

"Użyj narzędzia SmitFraudFix (wybierz opcję 2). Potem sprawdź co będzie z tego co wskazałem poniżej i usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Cytat:" - Jak uruchomic ten program w trybie awaryjnym? Nigdy nic w trybie awaryjnym nie robilem Confused

“Pliki i foldery zaznaczone kasujesz ręcznie z dysku natomiast wpisy w HijackThis.”

te pliki i foldery usuwac najpierw za pomoca SmitFraudFixa a potem recznie, czy tylko recznie?

“Natomiast wpisy w HijackThis” nie rozumiem tego zdania, co mam niby zrobic?

Jakby ktos mi mogl wyjasnic watpliwosci bylbym wdzieczny(juz drugi raz :mrgreen: )

adam9870 · 17 Luty 2007 12:54

Skoro jesteś początkujący to zrobimy to nieco inaczej.

Po pobraniu windows woorms doors cleanera jak widzisz czerwone znaczki to klikasz na taki znaczek raz lewym klawiszem myszki i tyle. Robisz tak dalej z każdym czerwonym znaczkiem, a potem zamykasz program. Zostaniesz spytany czy chcesz zrestartować komputer. Zgadzasz się na to i po resecie znaczki powinny zostać zmienione na zielone.
Otwórz Notatnik i wklej w nim to:

sc stop hwclock sc delete hwclock sc stop “l6” sc delete “l6” sc stop “mnew1win” sc delete “mnew1win” sc stop “mnew4win” sc delete “mnew4win” sc stop MSDisk sc delete MSDisk sc stop Win32Kernel sc delete Win32Kernel sc stop “winmattm” sc delete “winmattm” CD C:\Program Files\Common Files\Microsoft Shared\Web Folders ATTRIB -R-S-H ibm00011.exe DEL ibm00011.exe RD /S /Q C:\Kazaa CD C:\WINDOWS\system32 ATTRIB -R-S-H ymmg.exe ATTRIB -R-S-H winsystems.exe ATTRIB -R-S-H winystems.exe ATTRIB -R-S-H mysvcc.exe ATTRIB -R-S-H svcchost.exe ATTRIB -R-S-H mnew1win.exe ATTRIB -R-S-H ll6.exe ATTRIB -R-S-H lrsys4.exe ATTRIB -R-S-H lrsys1.exe ATTRIB -R-S-H winlr1.exe ATTRIB -R-S-H kksvchost.exe ATTRIB -R-S-H l4svchost.exe ATTRIB -R-S-H lmdm.exe ATTRIB -R-S-H mnew1winc4.exe ATTRIB -R-S-H syst1q2.dll ATTRIB -R-S-H hwclock.exe ATTRIB -R-S-H mnew1win.exe ATTRIB -R-S-H mnew4win.exe ATTRIB -R-S-H irdvxc.exe ATTRIB -R-S-H mattm.exe DEL ymmg.exe DEL winsystems.exe DEL winystems.exe DEL mysvcc.exe DEL svcchost.exe DEL mnew1win.exe DEL ll6.exe DEL lrsys4.exe DEL lrsys1.exe DEL winlr1.exe DEL kksvchost.exe DEL l4svchost.exe DEL lmdm.exe DEL mnew1winc4.exe DEL syst1q2.dll DEL hwclock.exe DEL mnew1win.exe DEL mnew4win.exe DEL irdvxc.exe DEL mattm.exe CD C:\ ATTRIB -R-S-H Documents5120.exe DEL Documents5120.exe CD C:\WINDOWS ATTRIB -R-S-H win32host.exe DEL win32host.exe

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

Pobierz i wypakuj SmitFraudFix:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Na pobrany plik kliknij prawym klawiszem myszki i wybierz opcję w stylu wypakuj

Uruchom system w trybie awaryjnym

Kliknij dwa razy na plik FIX.BAT. Mignie przez chwilkę ekran
Uruchom plik SmitFraudFix.cmd i wybierz opcję 2.

http://forum.dobreprogramy.pl/viewtopic … 329#539329

Urucham HijackThis => kliknij Do a system scan only => pokaże się lista wpisów => postaw ptaszek przy wpisach:

F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\WO4 - HKLM…\RunServices: [msvcc25] svcchost.exeeb Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe

=> kliknij Fix checked i potwierdź usunięcie.

JNJN · 17 Luty 2007 14:18

Proszę zmienić temat postu na konkretny i używać polskich znaków,opcja zmień i popraw.JNJN

Majkel7 · 18 Luty 2007 15:29

eh, wszystko pościągałem, powklejalem, tylko jest jeden problem. Nie mogę wlączyć trybu awaryjnego… próbowalem i z F5 i z F8… Wie ktos jak moge wlaczyc ten cholerny tryb ? :-x

adam9870 · 18 Luty 2007 15:44

Ehh… w takim razie zrobimy jeszcze inaczej.

Pobierz Gmer’a.

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

W zakładce Usługi usuń z prawokliku następujące usługi: hwclock, l6, mnew1win, mnew4win, MSDisk, Win32Kernel, winmattm
W zakładce CMD z zaznaczoną opcją CMD.EXE wklej:

CD C:\Program Files\Common Files\Microsoft Shared\Web Folders ATTRIB -R-S-H ibm00011.exe DEL ibm00011.exe RD /S /Q C:\Kazaa CD C:\WINDOWS\system32 ATTRIB -R-S-H ymmg.exe ATTRIB -R-S-H winsystems.exe ATTRIB -R-S-H winystems.exe ATTRIB -R-S-H mysvcc.exe ATTRIB -R-S-H svcchost.exe ATTRIB -R-S-H mnew1win.exe ATTRIB -R-S-H ll6.exe ATTRIB -R-S-H lrsys4.exe ATTRIB -R-S-H lrsys1.exe ATTRIB -R-S-H winlr1.exe ATTRIB -R-S-H kksvchost.exe ATTRIB -R-S-H l4svchost.exe ATTRIB -R-S-H lmdm.exe ATTRIB -R-S-H mnew1winc4.exe ATTRIB -R-S-H syst1q2.dll ATTRIB -R-S-H hwclock.exe ATTRIB -R-S-H mnew1win.exe ATTRIB -R-S-H mnew4win.exe ATTRIB -R-S-H irdvxc.exe ATTRIB -R-S-H mattm.exe DEL ymmg.exe DEL winsystems.exe DEL winystems.exe DEL mysvcc.exe DEL svcchost.exe DEL mnew1win.exe DEL ll6.exe DEL lrsys4.exe DEL lrsys1.exe DEL winlr1.exe DEL kksvchost.exe DEL l4svchost.exe DEL lmdm.exe DEL mnew1winc4.exe DEL syst1q2.dll DEL hwclock.exe DEL mnew1win.exe DEL mnew4win.exe DEL irdvxc.exe DEL mattm.exe CD C:\ ATTRIB -R-S-H Documents5120.exe DEL Documents5120.exe CD C:\WINDOWS ATTRIB -R-S-H win32host.exe DEL win32host.exe

W zakładce Procesy wybierz Zabij wszystko. Teraz poczekaj cierpliwie aż zniknie pulpit etc. - zostanie tylko okienko Gmer’a.
Wróć do zakładki CMD i kliknij Uruchom
W zakładce Procesy przez trzy kropki ( … ) wskaż Hijacka i skasuj w nim następujące wpisy:

F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\WO4 - HKLM…\RunServices: [msvcc25] svcchost.exeeb Folders\ibm00011.exe” F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O2 - BHO: (no name) - {284CE950-094E-4894-8794-764D6B63C777} - C:\WINDOWS\System32\ndbm.dll (file missing) O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing) O4 - HKLM…\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM…\Run: [YUpdates] C:\WINDOWS\system32\ymmg.exe O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\Run: [winystems25] winystems.exe O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [winystems25] winystems.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKCU…\Run: [mlrnew1] C:\WINDOWS\system32\mnew1win.exe O4 - HKCU…\Run: [Winsvr] C:\Documents5120.exe O4 - HKCU…\Run: [lr6] C:\WINDOWS\system32\ll6.exe O4 - HKCU…\Run: [lr4newmc] C:\WINDOWS\system32\lrsys4.exe O4 - HKCU…\Run: [lr1newmc] C:\WINDOWS\system32\lrsys1.exe O4 - HKCU…\Run: [lrprod] C:\WINDOWS\system32\winlr1.exe O4 - HKCU…\Run: [MSkk] C:\WINDOWS\system32\kksvchost.exe O4 - HKCU…\Run: [MSl4] C:\WINDOWS\system32\l4svchost.exe O4 - HKCU…\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU…\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: http://*.iframeprofit.com/ O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: http://*.mycounter.biz/ O15 - Trusted Zone: http://*.our-counter.com/ O15 - Trusted Zone: http://*.porno-search.biz/porn/ O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O18 - Filter: text/html - (no CLSID) - (no file) O18 - Filter: text/plain - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\syst1q2.dll O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: l6 - Unknown owner - C:\WINDOWS\system32\ll6.exe (file missing) O23 - Service: mnew1win - Unknown owner - C:\WINDOWS\system32\mnew1win.exe (file missing) O23 - Service: mnew4win - Unknown owner - C:\WINDOWS\system32\mnew4win.exe (file missing) O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing) O23 - Service: winmattm - Unknown owner - C:\WINDOWS\system32\mattm.exe

Teraz reset i przeskanuj http://kaspersky.pl/virusscanner.html i pokaż nowy log z HijackThis plus z SilentRunners.

Majkel7 · 19 Luty 2007 21:43

Logfile of HijackThis v1.99.1 Scan saved at 22:46:04, on 2007-02-19 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\soundman.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\D-Tools\daemon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\iPod\bin\iPodService.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe D:\firefox\firefox.exe C:\Gadu-Gadu7\gg.exe C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Documents and Settings\Michał\Pulpit\Nowy folder (2)\Netsoccer\netsoccer.exe C:\Documents and Settings\Michał\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe” O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [soundMan] soundman.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [iTunesHelper] “C:\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [AVPDWIN] “C:\Program Files\Panda Software\Panda Demo\pandasft.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE” /s O4 - HKCU…\Run: [AltnetDownloadManager] C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.kaliber.com.pl/CFIDE/classes/CFJava.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_29.cab O17 - HKLM\System\CCS\Services\Tcpip…{E858A651-8292-48D4-A4D8-792E3A673052}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe

Na log z sillenta czekalem godzinke, ale sie nie doczekalem(chodzi mi o ten rozszerzony log), jezeli log jest niezbedny to jutro postaram sie zrobic

kennex · 20 Luty 2007 16:15

Usuń pogrubione wirusy.

W takim razie daj loga z Combofixa

Majkel7 · 20 Luty 2007 17:33

heh, akurat juz mam loga z sillenta Czekam na dalsze instrukcje

@kennex - bez urazy, ale skoro adam juz mnie prowadzi, to wole nie mieszac jego instrukcji z Twoimi

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AltnetDownloadManager” = “C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe -Embedding” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE NvQTwk,NvCplDaemon initialize” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “Share-to-Web Namespace Daemon” = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [“Hewlett-Packard”] “HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Development Company, L.P.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”] “DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”] “SoundMan” = “soundman.exe” [“Avance Logic, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “autoclk” = “autoclk.exe” [file not found] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “adiras” = “adiras.exe” [file not found] “iTunesHelper” = ““C:\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “AVPDWIN” = ““C:\Program Files\Panda Software\Panda Demo\pandasft.exe”” [file not found] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “DAEMON Tools-1033” = ““C:\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE” /s” [“Panda Software International”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów” -> {HKLM…CLSID} = “Eksplorator pulpitów” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{A4DF5659-0801-4A60-9607-1C48695EFDA9}” = “Folder przesyłania Share-to-Web” -> {HKLM…CLSID} = “Folder przesyłania Share-to-Web” \InProcServer32(Default) = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL” [“Hewlett-Packard”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 Context Menu Shell Extension” -> {HKLM…CLSID} = “WinAceContext Menu Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 DragDrop Shell Extension” -> {HKLM…CLSID} = “WinAceDrag-Drop Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 Context Menu Shell Extension” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.5 Property Sheet Shell Extension” -> {HKLM…CLSID} = “WinAceProperty Sheet Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] “{B8323370-FF27-11D2-97B6-204C4F4F5020}” = “SmartFTP Shell Extension DLL” -> {HKLM…CLSID} = “SmartFTP Shell Extension DLL” \InProcServer32(Default) = “C:\Program Files\SmartFTP\smarthook.dll” [“SmartFTP”] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\Alcohol\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ShellTit.DLL” [“Panda Software International”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> “Shell” = “explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe”” [MS], [file not found], [file not found], [file not found], [file not found], [file not found] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“PFDNNT C:\Program Files\Kazaa\TopSearch.dll” [file not found]|“PFDNNT C:\Program Files\kazaa\TopSearch.dll” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “D:\WinAce\arcext.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Documents and Settings\Michał\Pulpit\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\pejzaz.scr” [“Midnight Blue Software, Inc.”] Startup items in “Michał” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Development Company, L.P.”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “WebReg Deskjet D2300 series” -> launches: “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe “Deskjet D2300 series”” [“Hewlett-Packard Development Company, L.P.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavlsp.dll ["Panda Software "], 01 - 03, 21 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = “My Search Bar Quick View” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [MS] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Autodata Limited License Service, Autodata Limited License Service, ““C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe”” [null data] iPodService, iPodService, “C:\iPod\bin\iPodService.exe” [“Apple Computer, Inc.”] NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe”” [“Panda Software”] Panda Firewall Service, PAVFIRES, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe”” [“Panda Software”] Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe”” [“Panda Software”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe”” [“Panda Software Internacional”] Panda Pavkre, Pavkre, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe”” [“Panda Software”] Panda PavProt, PavProt, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe”” [“Panda Software”] Panda Preventium+ Service, PREVSRV, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe”” [“Panda Software”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] StarWind iSCSI Service, StarWindService, “C:\Alcohol\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = “hpzsnt08.dll” [“HP”] LIDIL Language Monitor\Driver = “hpzll463.dll” [“Hewlett-Packard Company”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 2178 seconds, including 10 seconds for message boxes)

kennex · 20 Luty 2007 17:54

Wklej w notatniku:

Zapisz z rozszerzeniem .reg i scal

EDIT: Folder C:\Program Files\Altnet możesz usunąć, sam folder nic nie robi jednak często jest w nim pełno syfu, Spybot go usuwa .

Majkel7 · 20 Luty 2007 19:01

Nie mam takiego folderu

Skad ja Ci to mam wziasc

kennex · 20 Luty 2007 19:05

Jak nie ma plików to już jest ok .